iCloud hacking, the act of stealing valuable data through a victim’s iCloud account, gained popularity in 2014 following a spate of high-profile celebrity hacks. Around this time, spyware providers started creating new products that would harvest data from iCloud because it has less technical hurdles for their customers to overcome, compared to alternative spy apps that require the user to Jailbreak the target’s device.
This type of iCloud hacking is typically marketed as ‘No-Jailbreak’ spyware, and works like this:
- The hacker purchases a licence for the spyware, for as little as $20.
- The hacker needs the victim’s Apple ID and password, which they enter on the spyware provider’s website.
- The spyware company will then use the provided details to login into the victim’s account and download data from the backup of their iPhone/iPad stored in iCloud. This will essentially give them access to everything on the phone at the time of the backup, including text messages, browsing history, social media apps data and instant messaging conversations.
- This data is then processed and made available to the hacker via an easy-to-use web portal, which is updated each time the victim’s phone backs up to iCloud.
In an effort to combat breached iCloud accounts, Apple have made several security improvements to their services over the years, which has helped to make iCloud more secure. First, two-factor authentication (2FA) for Apple ID was introduced and over time this has become the default setting for Apple IDs. With that enabled, even if a hacker knows the victim’s Apple ID and password, it’s not enough for them to hack their account. They would also need the unique six-digit code that is sent to the victim’s phone to authorize the connection to iCloud.
Secondly, Apple has more recently put in place restrictions relating to iCloud. This makes it much more difficult for external services such as spyware to retrieve backup data from iCloud, whether the account has two-factor authentication or not.
Research and Findings
Despite the improvements to Apple’s security, several spyware providers still offer iCloud monitoring, often referred to as ‘No-Jailbreak Monitoring’. We wanted to see if it was a credible threat today, so we tried a few of these services out with test accounts and devices in our lab.
We looked at the top 25 spyware providers that offer solutions to monitor iPhones. This is what we found:
iCloud backups are now protected from hackers
Of the 25 spyware providers, only 3 offer an iCloud solution that can allegedly get all the data from an iCloud backup of an iPhone. We tested iCloud products from these 3 spyware providers with an Apple ID that had two-factor authentication turned on, as well as another Apple ID that didn’t. None of these products were able to retrieve data from the backup in our test iCloud accounts. This is likely due to the improved security added to iCloud, which means Apple is no longer allowing third party services to download a full device backup from an iCloud account. It seems likely, therefore, that these companies are either being slow to update their websites to remove products that no longer work or are deliberately misrepresenting their capabilities to sell more spyware licenses.
Limited access to iCloud data is still possible
Of the original 25, a further 7 spyware providers also claim to be able to steal data from iCloud, but in a more limited way. Rather than acquiring a full back-up from iCloud, they claim to be able to download data that has been synced with iCloud. In terms of what data is available to the hacker, this is limited to data that the target’s device is specifically configured to synchronize with iCloud, rather than a full backup of the phone. However, this can still include things like iMessages, contacts, photos and real-time location. We tested all 7 of these services with our two test Apple IDs and only 2 of them could successfully download the synced data from iCloud. The other 5 failed to establish a connection to Apple’s servers, regardless of whether the account had two-factor authentication or not.
iCloud security advice
Fortunately, any iCloud attack is easy to protect against. The first thing you should do is change your password regularly. This makes your Apple ID harder to hack and also if it’s already been compromised it’s a good way to lock the hackers out of your account. Another good piece of advice is to not sync data to iCloud if you don’t need to. This helps to keep any sensitive data away from hackers, reducing the harm they are able to do.
But by far the most important security advice when it comes to iCloud is to enable two-factor authentication to stop any unauthorized access to your account. If you already have two-factor authentication, but are concerned someone might still have access to your account, you may find the following information useful.
With two-factor authentication enabled, a hacker would have to know your Apple ID/password AND have access to your device to get your two-factor code in order to compromise your iCloud account. Changing your Apple ID password will lock them out and they will then need to work out your new password AND get hold of your phone again to receive a new two-factor code. So, make sure you have a strong iPhone unlock passcode that only you know.
So, in short, can your iCloud account be hacked in 2022? The short answer to that question is yes, however, our research has shown that iCloud hacking is not possible in the same way it used to work. Spyware is unable to download a full backup of a victim’s device from iCloud. Instead, it now works in a more limited way by acquiring iCloud Synced Data. This is reflected in the reduction of spyware providers offering iCloud monitoring solutions. In 2016 around 90% of spyware providers offered a solution for iCloud monitoring while in 2021, only about a third of these companies are still offering that solution, of which only two actually work. As Apple continues to improve the security of their users’ iCloud accounts it may not be long before it’s not possible at all for hackers/spyware companies to get anything from iCloud.
This does not mean as an iPhone/iPad user that you are completely safe from hacking, however. Over the last few years, we’ve seen a major shift away from iCloud hacking towards other forms of spying such as traditional spy apps that require a Jailbreak, and more recently spyware that exploits the built-in iTunes WiFi Sync feature to steal data that is backed up to a nearby computer, rather than the cloud.
If you have any doubts about the security of your phone, then Certo AntiSpy will check your device and prompt you to remove or restrict any suspicious apps. By utilising all these safety measures, you can be reassured your data is safe.